ZDI-24-1058: Microsoft Azure NodeJS LogPoint logpointsassets Uncontrolled Search Path Element Remote Code Execution Vulnerability

August 5, 2024

Read Time:11 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NodeJS LogPoint for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.

openiked-7.4-2.fc42

FEDORA-2025-f55f140c15 Packages in this update: openiked-7.4-2.fc42 Update description: Updated to new release 7.4 Read More

April 13, 2025

83 vulnerabilities in Vasion Print / PrinterLogic

Posted by Pierre Kim on Apr 13 No message preview for long message of 656780 bytes. Read More

April 13, 2025

[CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)

Posted by Rafael Pedrero on Apr 13 <!-- # Exploit Title: Server-Side Request Forgery (SSRF) in CrushFTP 10.7.1 and 11.1.0...

April 13, 2025

Re: APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2

Posted by Nick Boyce on Apr 13 [Complete Apple product novice here (my devices all run a non-Apple OS), but...

April 13, 2025

[KIS-2025-01] UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Apr 13 ------------------------------------------------------------------------------------ UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability ------------------------------------------------------------------------------------ [-] Software...

April 13, 2025

OXAS-ADV-2025-0001: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Apr 13 Dear subscribers, We're sharing our latest advisory with you and like...

April 13, 2025

NVD Revamps Operations as Vulnerability Reporting Surges

Friday Squid Blogging: Squid and Efficient Solar Tech

Google Cloud: Top 5 Priorities for Cybersecurity Leaders Today

AI Vulnerability Finding

Ransomware reaches a record high, but payouts are dwindling

Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems

Reimagining Democracy

China-based SMS Phishing Triad Pivots to Banks

Google Cloud: China Achieves “Cyber Superpower” Status

ZDI-24-1058: Microsoft Azure NodeJS LogPoint logpointsassets Uncontrolled Search Path Element Remote Code Execution Vulnerability

openiked-7.4-2.fc42

83 vulnerabilities in Vasion Print / PrinterLogic

[CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)

Re: APPLE-SA-03-11-2025-2 iOS 18.3.2 and iPadOS 18.3.2

[KIS-2025-01] UNA CMS <= 14.0.0-RC4 (BxBaseMenuSetAclLevel.php) PHP Object Injection Vulnerability

OXAS-ADV-2025-0001: OX App Suite Security Advisory